Subscriber Interface Modules, or xe2x80x9cSmart Cards,xe2x80x9d including a microprocessor, and in particular the installation, programming and accessing of such subscriber interface modules.
Portable data or information carriers in the form of a card or the like are known. Such carriers are commonly known as Subscriber Interface Modules (SIMs), or xe2x80x9csmart cards.xe2x80x9d As disclosed in U.S. Pat. No. 4,816,653, the complete disclosure of which is incorporated by reference herein, the SIM looks and feels much like an ordinary credit card, but the SIM includes a computer, an electrically erasable programmable read-only memory (EEPROM), and also circuitry for receiving a combined power and timing signal from a card reader/writer optionally located within an associated device or station. These card components and circuitry also receive and transmit data signals between the card and, via the reader/writer, the associated device or station. The SIM is thus a small portable article including an electronic arrangement having a microprocessor coupled to an electrically programmable read-only memory.
The SIM is used in many industries to provide secure access to personal data, such as bank account numbers, medical records, and telephone access codes. Conventional SIMs, however, generally hold just one application. One SIM might be used for a banking/financial application, while another SIM might be dedicated to a security application for entry to a building or workplace, while yet another smart card might be dedicated to access a telephone system. In general, the internal handling of data by the SIM deprives a would-be defrauder of any opportunity to learn the nature of information required to use the SIM.
In order to maximize the confidentiality of information stored in the SIM, and more specifically to limit the amount of information available to a would-be defrauder monitoring data lines or radio frequency carriers connecting the data SIM to external devices, the SIM includes a microprocessor and a memory operatively associated with the microprocessor. According to one embodiment disclosed in U.S. Pat. No. 4,211,919, the complete disclosure of which is incorporated by reference herein, the memory has three zones: a secret zone in which reading and writing operations are permitted by internal circuits of the SIM; a working zone in which any reading or writing operations are permitted; and a read zone where only reading operations are permitted.
The secret zone of the memory disclosed in U.S. Pat. No. 4,211,919 includes at least one key or code which is compared to a key received from a device external to the SIM for determining whether a particular operation is authorized. The secret zone includes an ERROR zone and an ACCESS zone in which information is stored indicating attempted access or access to strictly confidential data requiring the use of a key. The microprogram stores one bit in one or the other of these two zones each time access to the SIM is requested. Therefore, performing read and write functions in predetermined zones of the memory is possible, provided that a secret code or key is fed into the data SIM.
More particularly, according to U.S. Pat. No. 4,211,919, the operations to be performed are monitored and handled internally and continuously by a microprogram which is stored in memory and executed by the microprocessor. The SIM functions are summarized as follows:
(1) sequential reading and writing of memory in the authorized zones starting from a given address;
(2) acquisition and checking of an enabling key by comparing the key with a word which is written in a secret zone of the application memory, and therefore inaccessible from outside the SIM;
(3) authorization or denial of reading and writing;
(4) systematic self-checking of the writing in the memory;
(5) ordering internal storage of errors and/or successful attempts at access; and
(6) disabling previous functions when the number of errors, i.e., unsuccessful attempts, reaches a predetermined maximum count.
As disclosed in U.S. Pat. No. 4,816,653, a vast amount of computing power and memory are present right in the SIM. The SIM is capable of carrying the account numbers of all of the owner""s charge accounts, the balances of all of the accounts, the credit limits of all of the accounts. The card is also capable of carrying other such personal data as, for example, personal telephone directories, and personal telephone access codes. The presence of such data in a portable SIM requires suitable security for the data on the SIM. SIM components and circuitry exchange authorization data with appropriate application software residing in the device or station, when enable by an appropriate password. A suitably configured application device or station, which includes a computer or dedicated workstation that executes application software necessary for accessing the memory in the SIM enables the retrieval and modification of information stored in the SIM memory.
Certainty that the device or station is communicating with an authentic file on an authentic SIM is achieved by assigning each card a unique serial number and using this number, or subset thereof, along with a concealed application password residing in the device or station. These numbers are manipulated algorithmically to produce an authentication code which is stored in the application""s file on the SIM at the time of creation. During subsequent transactions, this code must be favorably compared to a similar code generated independently by the device or station to enable a transaction. The SIM requires a user to provide a password before access to files other than those at the public level is permitted. Security is further ensured by restricting the number of unsuccessful password attempts.
According to U.S. Pat. No. 4,816,653, the SIM is fully passive and not able to initiate any transaction with the device or station. Rather, the reader/writer signals xe2x80x98attentionxe2x80x99 to the device or station. The device or station responds to the xe2x80x98attentionxe2x80x99 signal and interrogates the reader/writer to determine the reason for the xe2x80x98attentionxe2x80x99 signal.
U.S. Pat. No. 5,721,781, the complete disclosure of which is incorporated by reference herein, discloses a SIM that is assigned its own digital certificate containing a digital signature from a trusted certifying authority and a unique public key. Additionally, the cardholder is required to enter a unique Personal Identification Number (PIN) to complete a transaction. The PIN is passed to the SIM for use in authenticating the cardholders identity. The system disclosed in U.S. Pat. No. 5,721,781 includes a terminal that is capable of accessing the SIM. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. To begin a transaction, the SIM and terminal enter an authentication phase wherein the terminal verifies that it is communicating with an authorized SIM. This usually entails the SIM forwarding its own access code to the terminal for verification. The SIM uses the terminal""s public key that it received in the terminal""s certificate to send a message. Only the terminal can decrypt the message using its private key. Similarly, the terminal can encrypt a reply message using the SIM""s public key and only the SIM can decrypt the message. The encryption algorithms introduce xe2x80x9cdigital signaturesxe2x80x9d which are employed to ensure that the appropriate parties are communicating with each other. Thus, when the SIM encrypts a message using the terminal""s public key, it tags a personalized digital signature onto the message. The SIM encrypts the combined message using its own private key.
The terminal receives the communication and decrypts it using the SIM""s public key. This decryption yields a scrambled part that contains the encrypted message and a legible part that consists of the SIM""s signature. Since the communication was decrypted using the SIM""s public key, it follows that only the SIM (using its private key) could have encrypted the entire communication. Thus, upon seeing the SIM""s digital signature, the terminal is assured that the communication truly came from the SIM. The terminal discards the digital signature and then decrypts the other part using its own private key to obtain the original message. The encryption scheme therefore ensures for the receiving party (i.e., the terminal in this example) that the communication is from the desired sending party (i.e., the SIM) and that only the receiving party can read the original message. Following authentication, one or more transactions are conducted and the card is removed from the terminal, ending the session.
U.S. Pat. No. 5,237,612, the complete disclosure of which is incorporated by reference herein, discloses a system for the validation and verification of base stations and mobile stations within a cellular radio communications network using SIMs. The system includes a fixed key and a changeable key which are applied as inputs to a proprietary authentication algorithm. The algorithm generates key-dependent responses, at least one of which is independent of the changeable key. The responses generated by a particular mobile station are compared to the responses generated by the network and the presence of fraudulent users may be detected.
As disclosed in U.S. Pat. No. 5,237,612, mobile registration is the process by which a mobile telephone unit becomes listed as being present in the service area of one of the mobile exchanges in a mobile telephone service network. As each mobile telephone unit enters a new area within the network, it sends a unique identity signal which is detected by the mobile exchange associated with that area. This exchange records an indication of the presence of the mobile subscriber in its memory and then informs all the other exchanges of the presence of the mobile subscriber within its coverage area at that particular moment. When the mobile subscriber crosses over into another area, the exchange associated with that area, upon receiving an identity signal from the telephone unit, will record an indication of the mobile subscriber""s presence there and then transmit the identity signal to all of the other exchanges together with its own identity signal, for the purpose of updating the mobile subscriber""s position.
As described in U.S. Pat. No. 5,237,612, in other known solutions, a mobile subscriber""s identity and position messages are sent by each exchange, whose respective areas are crossed by such mobile subscriber, to a specific center. Any exchange in the mobile network which contacts this center may receive all the information necessary for locating and making a connection to the mobile subscriber. This solution eliminates the need to advise one or more of the other mobile exchanges each time a mobile subscriber enters a new area without making or receiving a call there, and thereby reduces the amount of mobile subscriber location data that must be processed by each of the mobile exchanges within the network.
In some systems, the aforementioned center may be a common national center such as that used in the mobile telephone location system disclosed in U.S. Pat. No. 4,700,374, the complete disclosure of which is incorporated by reference herein. As described in U.S. Pat. No. 5,237,612, in other systems, the center may be the exchange to which a mobile subscriber is assigned (the xe2x80x9chome exchangexe2x80x9d). In such other systems, the mobile subscriber may preregister in an area other than the normal service and billing area (the xe2x80x9chome areaxe2x80x9d) for service to be provided in the other area (the xe2x80x9cvisited areaxe2x80x9d) by the exchange associated with the visited area (the xe2x80x9cvisited areaxe2x80x9d). When a roaming subscriber arrives in the visited area, the mobile subscriber is qualified to make telephone calls from there and calls which are received in the mobile subscriber""s home area are forwarded to the visited area for transmission to the mobile subscriber.
U.S. Pat. No. 5,237,612 discloses a procedure and hardware for providing adaptable authentication of a mobile station within a radio network. U.S. Pat. No. 5,237,612 also discloses a method for the verification and validation of a mobile station in a radio network in accordance with an authentication algorithm executed in each of the mobile station and the network. A random number signal is transmitted from the network to the mobile station. A set of inputs, including the random number signal transmitted from the network to the mobile station, a fixed key value and a changeable key value are applied to the authentication algorithm. A set of outputs including a first response signal, which is dependent on the fixed key value and independent of the changeable key value, and a second response signal, which is dependent on the changeable key value, are generated from the authentication algorithm. The first and second response signals are transmitted to the network and compared with the first and second response signals generated in the network.
As disclosed in U.S. Pat. No. 5,444,764, the complete disclosure of which is incorporated by reference herein, in current radiotelephone systems such as the Global System for Mobile Communications (GSM) radiotelephone system currently in use in Europe, a SIM card is inserted into a radiotelephone for providing subscriber identification, billing information and other information concerning the operation of the radiotelephone. In the GSM system, the same telephone hardware can be used with any SIM card inserted into the SIM card reader of the radiotelephone.
U.S. Pat. No. 5,444,764 discloses a radiotelephone system that includes a radiotelephone having a subscription lock and a removable SIM containing an international mobile subscriber identification (IMSI). The subscriber lock is used to restrict registration into the radiotelephone system to those radiotelephones which contain a SIM card which has an IMSI which falls within a range of valid IMSIs programmed into the radiotelephone and those for which the user has entered a subsidy flag Personal Identification Number PIN) which permanently disables the need for a valid IMSI.
According to U.S. Pat. No. 5,444,764, upon power-up of the radiotelephone, a SIM is inserted by the user into the SIM card reader contained within the radiotelephone. The radiotelephone prompts the user to insert a Personal Identification Number (PIN), which unlocks the SIM card allowing access to the subscriber information contained therein. Alternatively, the SIM card does not require the entry of a PIN number to unlock the subscriber information contained therein. However, the disclosure cautions that the SIM access PIN is not to be confused with the described subsidy flag PIN. Upon entering the SIM card access PIN, the radiotelephone executes a process that registers the radiotelephone for service in the radiotelephone system. Once registered, the radiotelephone is able to send and receive RF signals from a remote transceiver.
U.S. Pat. No. 5,444,764 illustrates a process flow chart describing a method for controlling access to a radiotelephone system. The process is implemented in software in a microprocessor which is embedded in the radiotelephone controller. Prior to executing the process, the following values are initialized by the manufacturer and remain valid for the life of the phone: a PIN retry counter is set to a predetermined value, an unlock counter is set to a predetermined value, a range of valid international mobile subscriber identifications are set, a PIN register is set to a predetermined PIN value and a subsidy flag is either set to 0 or 1 indicating an active subsidy flag, or an inactive subsidy flag.
The process controlling access to a radiotelephone system begins at a decision block where the value of the subsidy flag is determined when the phone is registered for emergency service only. When the value of the subsidy flag is equal to zero, then the subsidy flag is not set, and the radiotelephone registers for full service within the radiotelephone system. If the subsidy flag is set, then the process compares the value of the PIN retry counter to zero at another decision block. If the PIN retry counter is not equal to zero, then the process checks to see if the international mobile subscriber identification falls within the subsidy range of valid IMSIs at a third decision block. If the SIM is within the subsidy range, then the radiotelephone registers for full service in the radiotelephone system. If the SIM falls outside the subsidy range of valid SIMs, then the process requests the user to enter a subsidy flag PIN.
The process compares the subsidy flag PIN entered by the user to a predetermined PIN value stored within the EEPROM in the controller portion of the radiotelephone. If the subsidy flag PIN entered by the user equals the predetermined PIN value, then the subsidy flag is cleared, and the radiotelephone is registered for full service in the radiotelephone system. If the subsidy flag PIN entered by the user is not equal to the predetermined PIN value, then the PIN retry counter is decremented by 1. At yet another decision block, the current value of the PIN retry counter is compared to zero. If the PIN retry counter is not equal to zero then the process returns to the function which requests a user to enter a subsidy flag PIN. If the PIN retry counter value is equal to zero, i.e., all of the predetermined number of PIN retry attempts are exhausted, then the phone becomes locked.
As disclosed in U.S. Pat. No. 5,987,325, the complete disclosure of which is incorporated by reference herein, in radiotelephone systems such as GSM, a SIM card is inserted into a radiotelephone for providing subscriber identification, billing information and other information concerning the operation of the radiotelephone. The SIM is a key component of the GSM and typically comprises a smart card which is inserted into a GSM phone in order to make the phone functional. As described in U.S. Pat. No. 5,987,325, in a typical cellular telephone communication system, each subscriber unit is assigned a mobile subscriber identifier (MSI) which uniquely differentiates the subscriber unit from other subscriber units. In the European cellular communication system, one such identifier is the international mobile subscriber identification number (IMSI).
U.S. Pat. No. 5,987,325 discloses a personal communication system which has a single personal telecommunications device which is operable in all available cellular systems, e.g., AMPS, TDMA, CDMA, GSM, etc. across all available cellular frequencies, e.g., 900 MHz or 1800 MHz as well as satellite frequencies, and which operates like an inexpensive cordless phone when the user is at home. The user has a single phone number that tracks that phone such that wherever the phone is, that is where the user is. In the SIM environment, a user is not constrained to carry his own personal communications device on him at all times, since it is SIM plus a generic, non-user specific communications device which the system sees, as opposed to a specialized, user specific device such as a conventional wireline phone or a conventional non-GSM cellular phone.
U.S. Pat. No. 5,987,325 further discloses a single telephone capable of accepting and responding to multiple SIMs, such that in situations whereby there is only one communications device, but yet several people, each having their own number, desire access to that device. Alternatively, a person may have multiple SIMs, for example, one for personal communications and another for business. Thus, a telephone accepting and responding to multiple SIMs provides multiple unique secure communications in a single device.
In SIM card manufacturing, certain seed information, including the unique identification code for billing and authentication purposes, the fraud prevention algorithm, and a unique serial number cross-referenced to a blank authentication table are provided by the Gateway Business System, a business unit at the Gateway level used for customer management, customer care, retail billing, inventory management, and SIM card commissioning and activation. The seed information is provided in the form of an electronic Pre-Personalization Card Input File (PPC-In file), usually stored and transported on a diskette. The PPC-In file typically includes at least the customer name to be associated with the account; the transport key reference number for the key that will be used for encryption of the key on a PPC-Out file; the starting value for the group of IMSIs to be used; the starting value for SIM card serial number group to be used.
The diskette containing the PPC-In file is provided to the SIM card manufacturer along with a letter instructing where the PPC-Out file, invoice, and completed physical SIM cards are to be delivered. The SIM card manufacturer generates implementation specific information necessary to complete the authentication table, including a unique code tied to the telephone number and keys to the encryption code for satisfying the fraud prevention algorithm. The SIM card manufacturer loads the data into a physical SIM card, thereby completing the authentication table, and creates an electronic PPC-Out file, preferably stored on a diskette. Generally, the physical SIM cards go to the designated service provider (SP) and, in a telecommunications implementation, the PPC-Out file goes to a Gateway Business System. The Gateway Business System receives the PPC-Out file. The Gateway Business System ensures that the Authentication Command (AuC) file is provided to the Gateway network switch providing the interface between the mobile network and the public switched telecommunications network (PSTN), and that the appropriate response file was received. The Gateway Business System then allocates the IMSI resources from the SIM card order to a particular service provider.
In independent telephones accepting one or more SIMs, mobility of the telephone identity is the paramount interest. Such mobility is provided by the plug-in SIM. PINs protect the SIM owner from loss or misappropriation of the SIM. In contrast, implementations fixed in place, in a building or moving vehicle, and providing telephony to multiple users presents a situation wherein mobility of access is irrelevant and the physical SIM cannot be lost. In such implementations, a single microprocessor accesses a database of multiple SIMs. However, While each independent telephone carries its own SIM card, this configuration is impractical for applications requiring multiple SIMs. For example, in avionics applications, where every seatback includes a handset, providing a SIM for each seatback handset is impractical. Rather than provide a SIM card for every seatback and cabin handset, typical airborne mobile cellular systems provide a central transmission control system having one or more RF transmission channels. One SIM card is associated with each channel of the airborne telecommunications unit.
Although the number of communication channels provided in the mobile cellular unit depends upon the specific implementation, one specific implementation provides 30 voice channels and 30 data channels shared among all of the onboard terminals.
Today""s SIM cards are physical circuit cards for mounting on a PC board. SIM cards require a mounting connector for interfacing to the PC board, plus support circuitry for addressing and reading the individual SIM cards. The total board space required to supply all the SIM cards necessary for even an eight-channel installation is more than can practically be fitted into the telecommunications unit. Nor will the necessary PC boards fit in the space allotted for a standard Aircraft Personality Module (APM).
Rather than individual SIMs coupled to each onboard terminal, the physical apparatus of a telecommunications unit includes one or more SIM cards interfaced to a main system central processing unit (CPU). The CPU performs the actual receive and transmit functions between the telecommunications unit and the communications network. The interface typically includes a micro-controller, or microprocessor, which controls the individual SIMs. The micro-controller is usually part of a SIM reader, which also includes several interface circuits associated with an individual SIM and allowing the CPU to read the contents of the associated SIM. The terminals convert analog voice input into a digitized serial data stream. The main CPU generally lacks the processing capacity to handle the actual serial data transmitted by the handset. The SIM reader, therefore, converts the serial data stream from the user terminals and relays the resulting parallel data to the main system CPU.
One known implementation includes multiple conventional universal asynchronous receiver-transmitters, or UARTs, each interfacing with one SIM for serial to parallel data conversion so that the data can be received by the system CPU. Another known implementation includes a conventional UART and a micro-controller to interface between the SIMs and the CPU. Still another known implementation includes a conventional UART to manage serial output from the micro-controller for the CPU.
FIG. 1 is a block diagram of one prior art telecommunications unit transmitting and receiving signals between multiple user terminals situated in a central location, such as multiple telephone handsets in a business office using the general GSM cellular network, or cabin and passenger telecommunication equipment onboard a host aircraft or other vehicle, for example, seatback telephone handsets, and a satellite constellation for relay to ground stations. As shown in FIG. 1, the telecommunications unit 100 of the prior art includes a control module 105 having a main system central processing unit, or CPU, 110 performing the actual receive and transmit functions between the telecommunications unit and the satellite constellation. CPU 110 interfaces with multiple user terminals through a SIM card reader 112. In FIG. 1, prior art SIM card reader 112 includes a built-in microprocessor, or micro-controller, 114 coupled via common serial I/O to separate and independent interface circuits 116. Each interface circuit 116 allows micro-controller 114 to access one physical Subscriber Interface Module, or SIM card, 118. Under software control, interface circuits 16 manage the power up, clock frequency and protocol selection procedures. Micro-controller 114 incorporates an address register that it decodes to obtain chip selects for SIM cards 118. These chip selects are used by SIM card interface circuits 116 to access individual SIM cards 118. Micro-controller 114 relays information from SIM cards 118 to CPU 110 over a standard RS232 interface. SIM card reader 112 also includes a universal asynchronous receiver-transmitter, or UART, 120 to manage the serial output of micro-controller 114 by converting the serial data so that it can be received by the parallel port of CPU 110.
The physical SIM cards and support circuitry require physical volume, a resource which is severely limited onboard a host aircraft. Also, the accurate mapping of SIM cards to their associated terminals in the telecommunications unit is critical to functionally enabling a system for operation on the telecommunications network. In a typical installation, the SIM cards are installed in the field. The field installer is required to accurately record each SIM card identification number and note the installation slot to which the SIM card applies. For installations which incorporate multiple SIM cards for handling multiple user terminals, the field installation process provides numerous opportunities for documentation and recording errors. For example, SIM card identification number transposition, mis-entry and/or mis-recording of the physical slot location in which each individual SIM card resides within the telecommunications unit.
Furthermore, field installation of SIM cards eliminates the opportunity for operational verification of the SIM card-to-control system electronic interface prior to installation. Field installation also introduces the potential for contamination of the SIM card""s electrical contacts and subsequent degradation in operational reliability.
Also, today""s physical SIM cards are designed to best commercial practices, but are intended for use in environments that are benign to human operators. In industrial, military, or aviation environments where operational environments often exceed the bounds of human comfort levels, the reliability of physical SIM cards is significantly degraded. In contrast, the main system CPU of the mobile cellular unit is typically environmentally hardened. Thus, in the combination of SIM card and environmentally hardened CPU, the SIM card represents the weak link, degrading the overall system reliability. When coupled with applications requiring a large number of SIM cards, the overall reliability of the system is degraded below acceptable levels.
The only solution available today is to package the individual physical SIM cards into a single line-replaceable module for mounting in close proximity to the communications control unit. Contributory to the need for a line-replaceable form factor is the limited reliability of the SIM cards in inhospitable environments. These items are presently designed for individual use where a mean-time-between-failures (MTBF) on the order of 12 to 24 months is considered acceptable. In an avionics environment having multiple SIM cards per aircraft installation, the probability of frequent maintenance activity due to a SIM card failure is expected to be unacceptably high, thus necessitating a line-replaceable module. This hypothesized SIM card line-replaceable module fails to address the problems presented in the prior art.
What is needed is a means of providing the SIM card functions for multiple SIM cards in a space no larger than that currently occupied by the control system unit of the telecommunications unit. Preferably, the SIM card functions are provided in a format that overcomes the difficulties of installing and mapping the physical SIM cards to associated terminals in the control system during field installation and maintains full functionality in industrial, military, and aviation operational environments without degrading overall system reliability.
The present invention overcomes the space, installation, and reliability limitations of the prior art by providing software emulation of user interface module functions in embedded processor applications that replace externally mounted user interface modules. The embedded processor of the invention includes one or more user software interface modules emulating the functions of multiple SIM cards; occupies a space no larger than that currently occupied by the control system unit of the telecommunications unit; and is environmentally hardened to maintain full functionality in industrial, military, and aviation operational environments.
The present invention provides a controller for controlling communication with a telecommunications network, the controller including a unique user data file stored in non-volatile memory and an environmentally hardened processor coupled to the memory. The processor of the invention executing machine instructions to implement several functions provided by the mobile cellular unit and SIM cards of the prior art, the various functions including validating a subscriber""s SIM on the telecommunications network and, in cellular implementations, both receiving and transmitting radio frequency transmissions.
According to one aspect of the invention, before installation in a telecommunications unit, the processor is exposed to shock, vibration, and temperature extremes in excess of those shock, vibration, and temperature extremes normally experienced in the intended application environment, for example, the shock, vibration, and temperature extremes normally experienced by avionics electronic hardware.
According to another aspect of the invention, the invention provides a system for communicating with a telecommunications network, wherein the system includes a memory storing machine instructions and unique subscriber identity data. The subscriber data preferably includes a unique subscriber identity, and an identifying authentication key. The communication system of the invention includes a processor coupled to the memory. The processor executes the machine instructions stored in memory to implement various functions, including validating a subscriber""s SIM on the telecommunications network, and, in cellular implementations, both transmitting and receiving radio frequency communications via the satellite communication network. The functions executed for validating a subscriber""s SIM are a group of SIM emulation functions, which essentially emulate the functions one or more of the prior art physical SIM cards.
According to one aspect of the invention, the SIM emulation functions executed by the processor of the invention include functions that access the unique subscriber identity and identifying authentication key data, and act in concert with a network associated Authentication Center using the identifying authentication key to verify the unique subscriber identity.
According to another aspect of the invention, the SIM emulation functions executed by the processor also include functions that cause the satellite communication network to assign a temporary subscriber identifier to one of the SIM emulation functions and to transmit for a period of time the temporary subscriber identifier in place of the subscriber identity, whereby the subscriber""s true identity is rarely broadcast over the air and thereby kept secret. Preferably, the SIM emulation functions executed by the processor include a function that causes the satellite communication network to assign a different temporary subscriber identifier to the SIM emulation function after a period of time.
According to still another aspect of the invention, the invention provides a method for forming the controller of the invention for controlling communications with a telecommunications network. The method of the invention includes the steps of forming a processor for executing the machine instructions that implement the SIM emulation functions. The steps of the method of the invention preferably include coupling a non-volatile EEPROM memory to the processor; storing such data as unique subscriber identity data and an identifying authentication key in the non-volatile memory along with machine instructions for implementing one or more SIM emulation functions. The processor is preferably environmentally hardened by cyclic exposure to pre-defined shock, vibration, and temperature extremes in excess of those expected in the intended application.
According to still other aspects of the invention, the SIM emulation functions executed by the processor are functions validating a subscriber""s SIM on the telecommunications network. For example, the SIM emulation functions access the stored unique subscriber identity and identifying authentication key data, and verify the unique subscriber identity in concert with a network associated Authentication Center using the identifying authentication key data.